This Windows Server 2022 tutorial covers how to configure Group Policy on Windows Server 2022. Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. It provides centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment. A Group Policy Object (GPO) is a virtual collection of policy settings. A GPO has a unique name, such as a GUID. A GPO can represent policy settings in the file system and in the Active Directory. A GPO can be linked to one or more Active Directory containers, such as a site, domain, or organizational unit.
Windows Server Active Directory Domain Service (ADDS) is a directory service that stores information about all objects in the domain and makes this data available to network users and administrators. Active Directory Domain Service provides secure, structured, hierarchical data storage for objects, so the admin can easily manage all objects. The Active Directory Domain Controller is a server that runs Active Directory Domain Service. Domain controllers give network users access to permitted resources anywhere on the network through a single logon process.
In this tutorial, we are going to prohibit access to the Control Panel for a particular Active Directory organizational unit.
Demo environment
- Computer Name: server1.test.com
- Operating System: Windows Server 2022 Datacenter
- IP Address: 192.168.0.2
- Domain: test.com
- Current domain controller (DC): server1.test.com
- DNS Server IP address: 192.168.0.2
- Organizational unit: TEST_OU
- A user within Organizational unit (TEST_OU): test\user1
Steps for Configuring Group Policy
- Configuring Central Store GPO
- Create and configure Starter GPOs
- Create a GPO and Link
- Check the result on a client machine
Configuring Central Store Group Policy Object
The group policy central store is a central location to store all the group policy template files. This eliminates the need for admins to load and open group policy template files on systems used to manage group policy.
1. Open the Server Manager dashboard, click Tools, and select Group Policy Management.
2. Right-click Default Domain Policy and select Edit.
3. In the Group Policy Management Editor, double-click User Configuration, expand Policies, and then click Administrative Templates. You will see a note saying Administrative Templates: Policy definitions (ADMX files) retrieved from the local computer.
4. Access your Policies folder and create a new folder named PolicyDefinitions.
c:\windows\SYSVOL\sysvol\comsys.local
5. Open your C:\windows\PolicyDefinitions folder and copy all the .adml and .admx files.
6. Then, paste the .adml and .admx files that you just copied into the c:\windows\SYSVOL\sysvol\comsys.local\PolicyDefinitions folder.
7. Open the Group Policy Management Editor interface, expand User Configuration > Policies, point your cursor to the Administrative Templates folder, and verify that it reads: Administrative Templates: Policy definitions (ADMX files) retrieved from the central store.
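The same central store setup can be scripted and then checked file by file. The following is an added example, not part of the original tutorial; it assumes the demo domain test.com and the PolicyDefinitions folder under Policies described in step 4, and it compares SHA-256 hashes so that a missing or altered template in SYSVOL is reported.

```powershell
# Added example: populate the central store and verify it against the local templates.
# Assumptions: domain test.com (demo environment), run on the DC as a domain administrator.
$domain  = 'test.com'
$local   = Join-Path $env:SystemRoot 'PolicyDefinitions'
$central = "\\$domain\SYSVOL\$domain\Policies\PolicyDefinitions"

# Steps 4-6: create PolicyDefinitions under Policies, then copy the .admx files
# and the language subfolders (for example en-US) that hold the .adml files.
if (-not (Test-Path -LiteralPath $central)) {
    New-Item -ItemType Directory -Path $central | Out-Null
}
Copy-Item -Path (Join-Path $local '*') -Destination $central -Recurse -Force

# Map each template's path (relative to the root) to its SHA-256 hash.
function Get-TemplateHashes {
    param([Parameter(Mandatory)][string]$Root)
    $base = (Get-Item -LiteralPath $Root).FullName.TrimEnd('\')
    $map  = @{}
    Get-ChildItem -LiteralPath $base -Recurse -File |
        Where-Object { $_.Extension -in '.admx', '.adml' } |
        ForEach-Object {
            $rel = $_.FullName.Substring($base.Length + 1)
            $map[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    $map
}

$src = Get-TemplateHashes -Root $local
$dst = Get-TemplateHashes -Root $central

# Report templates that are missing from, or differ in, the central store.
$drift = foreach ($rel in $src.Keys) {
    if (-not $dst.ContainsKey($rel)) {
        [pscustomobject]@{ File = $rel; Status = 'Missing from central store' }
    } elseif ($dst[$rel] -ne $src[$rel]) {
        [pscustomobject]@{ File = $rel; Status = 'Differs from local copy' }
    }
}
if ($drift) { $drift | Format-Table -AutoSize } else {
    "Central store matches the local templates ($($src.Count) files)."
}
```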
Create and configure Starter GPOs
Starter GPOs are templates for Group Policy settings. They enable an administrator to create a pre-configured group of settings that represents a baseline for any future policy to be created.
8. Open the Server Manager dashboard, click Tools, and select Group Policy Management.
9. To create a new Starter GPO, right-click the Starter GPOs folder, and then click New.
10. Enter a Name and Comment for the new Starter GPO and click OK.
- Name: New Starter GPO
- Comment: New Starter GPO
In this tutorial, we use Prohibit access to the Control Panel and PC settings policy for testing.
11. Right-click New Starter GPO and click Edit.
12. The Group Policy Management Editor interface opens. Expand User Configuration > Administrative Templates > Control Panel and open Prohibit access to Control Panel and PC settings.
13. In the Prohibit access to Control Panel and PC settings window, select Enabled and click OK.
Create a GPO and Link
14. Open Group Policy Management, right-click the organizational unit (TEST_OU), and select Create a GPO in this domain, and Link it here.
15. Enter a name, select the Source Starter GPO, and click OK.
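Steps 14 and 15 can also be done with the GroupPolicy PowerShell module, which makes it easy to confirm what was actually linked. The following is an added example, not the tutorial's own code; the GPO name and the OU distinguished name are assumptions (step 15 does not give a name), and the script also lists who is allowed to edit the GPO.

```powershell
# Added example, not the tutorial's own code. Requires the GroupPolicy module (GPMC).
Import-Module GroupPolicy

$starter = 'New Starter GPO'                  # Starter GPO name from step 10
$gpoName = 'Prohibit Control Panel - TEST_OU' # hypothetical; step 15 does not give a name
$ouDn    = 'OU=TEST_OU,DC=test,DC=com'        # assumes TEST_OU sits directly under test.com

# Steps 14-15: create the GPO from the Starter GPO and link it to the OU (idempotent).
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName -StarterGpoName $starter }
$link = (Get-GPInheritance -Target $ouDn).GpoLinks | Where-Object GpoId -eq $gpo.Id
if (-not $link) {
    New-GPLink -Guid $gpo.Id -Target $ouDn -LinkEnabled Yes | Out-Null
    $link = (Get-GPInheritance -Target $ouDn).GpoLinks | Where-Object GpoId -eq $gpo.Id
}

# The Administrative Templates setting is stored as this registry policy value.
$setting = Get-GPRegistryValue -Guid $gpo.Id -ValueName 'NoControlPanel' `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' `
    -ErrorAction SilentlyContinue

# Trustees who can change the GPO, and therefore change what TEST_OU users receive.
$editors = Get-GPPermission -Guid $gpo.Id -All |
    Where-Object { $_.Permission -in 'GpoEdit', 'GpoEditDeleteModifySecurity' } |
    ForEach-Object { $_.Trustee.Name }

# Summary: the link must be enabled, the user half of the GPO must not be
# disabled, and NoControlPanel is expected to be 1 when the policy is Enabled.
[pscustomobject]@{
    Gpo             = $gpo.DisplayName
    LinkEnabled     = [bool]$link.Enabled
    UserSideEnabled = $gpo.GpoStatus -notin 'UserSettingsDisabled', 'AllSettingsDisabled'
    NoControlPanel  = $setting.Value
    CanEdit         = $editors -join '; '
}
```

Because this is a User Configuration setting, it applies to user accounts located in TEST_OU, such as test\user1, rather than to computer accounts.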
Check the result on a client machine
Client Demo environment
- Computer Name: server2.test.com
- Operating System: Windows Server 2022 Datacenter
- IP Address: 192.168.0.4
- Domain: test.com
- Organizational unit: TEST_OU
- A user within Organizational unit (TEST_OU): test\user1
16. Enter the user name and password to log on.
17. On the client machine, wait for the policy to update automatically, or update the policy settings manually by running the command gpupdate /force in the command prompt.
18. Once you successfully log on, try to open Control Panel.
19. A restriction warning box will appear: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."